Merge pull request #194 from r4um/validate-state
Validate state param while redirecting.
This commit is contained in:
commit
d5a332c3f2
@ -476,7 +476,7 @@ func (p *OAuthProxy) OAuthCallback(rw http.ResponseWriter, req *http.Request) {
|
||||
}
|
||||
|
||||
redirect := req.Form.Get("state")
|
||||
if redirect == "" {
|
||||
if !strings.HasPrefix(redirect, "/") {
|
||||
redirect = "/"
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user